Imagine the following scenario: the clustershield helm chart is
re-deployed and the contents of either its configmap, secrets, or
webhook change... and the clustershield deployment itself does not
change. The clustershield deployment won't restart because it does not
know that anything has changed - even though the things it depended on
change.
This problem is especially pronounced for clustershield because with
the default behavior it will auto-generate the certificates used for
communication between the webhook and the deployment. If the webhook
certificate changes and the deployment doesn't restart, the webhook
won't be able to communicate with the pods in the deployment.
yoderme
commented
1 month ago